Securix Linux

Last month I receive new books purchased from Amazon.co.uk

First one is: Hacking Exposed Linux: Linux Security Secrets and Solutions

• Paperback: 813 pages
• Publisher: McGraw-Hill Osborne; 3 edition (1 Aug 2008)
• Language English
• ISBN-10: 0072262575
• ISBN-13: 978-0072262575
• Amazon.co.uk

I personally rate this book with 3 of 5 stars.

Second book is: Hardening Linux
Author: James Turnbull

• Paperback: 546 pages
• Publisher: APRESS (1 Feb 2005)
• Language English
• ISBN-10: 1590594444
• ISBN-13: 978-1590594445
• Amazon.co.uk

I will start reading this next week, but I suppose that this book will be much better than previous one.

In meantime I have to discuss design of Securix control script (update, install, maintenance) with some geeks on forums because I don’t want to reinvent the wheel.

I also think about my own Gentoo overlay, but I’m not sure if all needed features are supported (signing packages/scripts, ect.)

I want to have all clear before I will start coding, because this script will then maintain whole server and also try to fix common issues itself so it should be designed well.

Happy Easter

Hi all,

conference Security Session is over. My presentation can be found here [PDF] and here [SlideShare.net]
We have also plan to put videos on Youtube and prepare subtitles for them. If so, you can translate my presentation into any other languages supported by Youtube player.

I said on conference that Alpha version will be available +/- this summer. So lets continue with hard work on Securix to fulfill what I promised.

Regarding output of checksec.sh we are on right way :]

stay tuned

Hi all,

I would like to invite you on Security Session 2012 conference held on 18. February in Brno, Czech Republic.

For more information please visit the main page http://session.security-portal.cz/ (CZ) or http://session.security-portal.cz/en/ (for English)

Securix Installer isn’t public available yet. You can see progress in this post.

version 03/01/2012

• added grub fallback in case of problems with new kernel (panic, ect..)
• added grub password to avoid unauthorized single user mode
• added automatic serial terminal access detection and setup
• added genkernel configuration generator for further kernel updates
• added user auditing, bash commands logging
• added limits.conf – protection against depletion of system resources, fork bombs, ect.
• added login.defs to align with Securix environment
• added VESA framebuffer with Securix Linux Logo on boot (vga 791)
• added Securix system groups operators and services
• added terminal encoding in UTF-8
• added pvcreate force to avoid questions when LVM already exist
• fix fstab LVM misconfiguration
• fix login issue (securetty)
• fix iptables-save

version 15/12/2011

• advanced partitioning (boot, swap, root, usr, home, var, opt, tmp) with options (where possible) noatime, nodev, nosuid, noexec
• Full disk encryption (LUKS)
• LVM automatically for disks >20GB
• predefined kernel setup for virtual environments (VirtualBox, KVM, VMware, …)
• rewritten yesno function
• securix user for first login

08/2011 – 16/11/2011

• environment checking, architecture, network
• functions, variables, system setup, trap errors
• hostname, root password, manual network setup, …
• partitioning (/boot, swap, /)
• stage3 and portage installation
• make.conf generator
• CHROOT script
• system installation, configuration & hardening
• kernel compiling
• grub installation and setup
• compiling system applications
• iptables script
• sysctl config
• kernel accelerated AES encryption
• …

Hi all,

I just want to inform you how it looks with Securix project now.

I have spent a lot of hours on Google to find out some installers for Gentoo.

I’ve found Cryptogen from guy called OozIe – http://blog.ooz.ie/search/label/cryptogen but link on cryptogen.sh is broken and OozIe is unable to find it out anymore.

Next project is Anaconda for Gentoo (from wiktor w brodlo) which can be great for further Gentoo installations because at this moment you must setup Gentoo by yourself (step-by-step) with Gentoo Handbook but most of installations are totally same so it is painful to do same things again and again…
This project is just on start, but can be very useful for next Gentoo releases.

Problem is that Anaconda installer using X but Securix not, so it make no sense to install system via GUI if system itself have no X environment.

Solution is: own script :] Securix Installer is written in bash and should ask you only for device/disk where you want install system, hostname and password. Everything else is setup automatically (architecture, gcc options, use flags, kernel, grub, …) to get maximum from your hardware.

Script isn’t completed yet and it takes some time of troubleshooting until I can release it as public, but from that time we can have first beta of Securix!

Stay tuned, more to come!

You can find Securix sysctl.conf file on our WiKi.

Every feedback is appreciated. Thx

http://securix.security-portal.cz/wiki/doku.php/etc_sysctl.conf

Hi,

I’ve installed DokuWiki into Securix website where I will post all configurations, installation setup, howto’s and other related informations.

If you have some improvement don’t hesitate and update content. [link]

Thank you!

Hi all,

fact that you don’t see updates on webpage doesn’t mean inactivity of project.

Currently I’m testing new settings and features on corporate environment just to be sure that I’m on right way. You can setup verbose auditing but if log files take 100GB per week then it isn’t very usable.

Please be patient 

thx

Hi visitor,

currently we haven’t official release yet. Our project is just on start and it will take few months until first release can be available for download as VirtualBox image.

Come back again later or check Current status page.

===

  _________                                        __
 /   _____/   ____    _____    __  __  ________   |__| ___  ___
 \_____  \   / __ \  /   __\  |  ||  \ \_  ___ \  |  | \  \/  /
 ______|  \ |  ___/  \  \___  |  ||  /  |  |_/ /  |  |  > || <
/_________/  \_____\  \_____\ |_____/   |__| |_\  |__| /__/\__\